Today you need to remember many passwords. You need a password for your school network logon, your e-mail account, your website, online banking and so on. The list is endless. There are many debates about how you should choose your passwords and each debate will discuss the relative security risks. Common to all of these debates is probably the human aspect of choosing a password. In other words, how do you balance a password that you can easily remember with the security of the system that you wish to protect?
Given no restrictions on password format (other than that it has to be a certain minimum length like an 8-character password), many people will use actual words or combinations of words as their password, which aren't terribly hard to guess. Those who make their password more complex will just go back to writing it down, and you have the same problems you did with an 8-character password.
So how can you choose a better, more robust and secure password? Here is some advice.
- Keep two types of passwords. Choose a strong password for sites where you care about the privacy of the information you store.
- Don’t use passwords that are easy to guess. How many of you use the name of your cat, dog, budgie, lover, partner or favourite football team or even the actual word "password"?
- Don’t use repeating characters such as a111111
- Include punctuation marks and/or numbers
- Mix capital and lowercase letters
- Include similar looking substitutions, such as the number zero for the letter 'O' or '$' for the letter 'S'
- Include phonetic replacements, such as 'Luv 2 Laf' for 'Love to Laugh'
- Use a different password for all sites – even for the ones where privacy isn’t an issue. Hackers, and even casual users, are smart enough to realise that the password that you choose for one specific system may well be used on other websites or systems
- Do not use numbered passwords of the form password1, password2, etc.
- Never trust anybody with your important passwords (webmail, banking, medical etc.)
- Once you provide your password to anyone else, your security is immediately compromised. If you absolutely need to give somebody your password, a good tactic is to first change your password from its original, give the changed password to the individual, and then after an agreed time change it back to the original
- Never write your password down on scraps of paper like post-it notes that could be easily found and read by others.
- If you must write your passwords down, then ensure that they are kept in a secure place.
There are many places where you can test how strong a password is. One of them is available from Microsoft.
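The rules in the list above can also be checked mechanically. The following Python sketch is an added example, not part of the original article or of any tool it mentions; the word list, the function names, the "four identical characters in a row" threshold and the sample passwords are all constructed for illustration.

```python
import re
import string

# Tiny constructed word list; a real check would use a large dictionary.
COMMON_WORDS = {"password", "letmein", "football", "qwerty"}
MIN_LENGTH = 8  # the minimum length the article uses as its example


def stem_of(pw):
    """Drop trailing digits so 'password1' and 'password2' share one stem."""
    return re.sub(r"\d+$", "", pw).lower() or pw


def check_password(pw):
    """Return the rules from the list above that `pw` breaks."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if stem_of(pw) in COMMON_WORDS:
        problems.append("common word")
    if re.search(r"(.)\1{3,}", pw):  # assumed threshold: 4+ identical in a row
        problems.append("repeating characters")
    if not any(c.isdigit() or c in string.punctuation for c in pw):
        problems.append("no digits or punctuation")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("no mix of capital and lowercase")
    return problems


def audit(passwords_by_site):
    """Check each password, then flag reuse or numbered variants across sites."""
    report = {site: check_password(pw) for site, pw in passwords_by_site.items()}
    by_stem = {}
    for site, pw in passwords_by_site.items():
        by_stem.setdefault(stem_of(pw), []).append(site)
    for sites in by_stem.values():
        if len(sites) > 1:
            for site in sites:
                report[site].append("reused or numbered variant")
    return report


if __name__ == "__main__":
    # Constructed sample data, not real credentials.
    sample = {"webmail": "password1", "forum": "password2",
              "bank": "Luv2Laf!Tr33s", "school": "a111111"}
    for site, problems in audit(sample).items():
        print(site, "->", problems or "no rule broken")
```

An empty result only means none of these listed rules was broken; it is not a measure of how hard the password is to guess.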
Also, be aware that most browsers offer to store your passwords, so they can auto-complete them. Many times they are not stored securely and anyone who has physical access to your computer can find the passwords (for example, go to Firefox > Tools > Options > Security > Show passwords > Show passwords again). That's why it's a better idea to use password managers like Password Safe, KeePass or RoboForm, which store your passwords securely and can manage any kind of password. In Firefox and Opera you could also use a master password, but there are commercial tools that can recover master passwords.
KeePass is one of the free open source password managers, which helps you to manage your passwords in a secure way. There are, of course, others. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).